Topic: Remote Windows File Sharing

[Graham]

Is it possible to access a Windows File Share out side of the local LAN without using VPN?

[chris burnat]

You can remotely access and manipulate the content of an ibay  over ssh, or sftp.  You will need to set the correct permissions in the ibay panel and enable ssh access in remote access panel.  Please be aware of the security risk when enabling external ssh access to your box. You can also use FTP, however, this is not recommended because of the known security risls associated with FTP - use it as a last resort.  Best would be to read the manual, all of this is clearly explained in the Wikis.  Come back here if you have any questions.  Hope it helps.
chris.

[mmccarn]

WinSCP (http://winscp.net/eng/index.php) and smeserver-remoteuseraccess (install instructions here, as part of another how-to: http://wiki.contribs.org/FTP_Access_to_Ibays#2._Install_the_smeserver-remoteuseraccess_contrib) can be combined to give you simple remote ssh access to your SME files and folders from Windows.

smeserver-remoteuseraccess has a field where you can put 'ssh keys' so you may (I've never tried it) be able to setup public-private keyed access to individual user folders very securely.

If you can get it to work, 'webdav' gives you read-write access remote folders from 'My Network Places'.  There are some oddities, but it can be done...

[Graham]

At the moment we are using SME as a file server, users can access there HOME directory using \\SERVER-1\USERNAME from the local network.

Now we have an application that needs to access data on that network when outside the Local Network, so I need to be able to access it like this from.

\\WAN IP GOES HERE\USERNAME

[mmccarn]

The short answer is that you can't do this securely.

You could try adding the remote IP address to your 'local networks' - which *might* let you open a share as you want, but would *definitely* expose things to the internet that are better left unexposed...

Is there a reason that a PPTP VPN is not an option?

[Graham]

I've have tried VPN and I can connect to SME but I'm not able to access any network shares.

Any Ideas

[girkers]

You may need to check your permissions, in that the computer your using for the VPN, is the user a registered user on your SME box.  Have you tried \\smeip\share?

[Graham]

When connected using VPN should you be able to ping the SME Server IP?

[girkers]

Theoretically yes, as you are in essence connected to your local network. On the windows machine do ipconfig /all and check the ip settings for the VPN connection and ensure they are in fact that of the SME network.

[Graham]

The IP the VPN has been given is fine.

When I try, \\SERVER IP\USERNAME I get

No network provider accepted the given network path

[chris burnat]

The IP the VPN has been given is fine.
When I try, \\SERVER IP\USERNAME I get
No network provider accepted the given network path

Maybe this is of assistance:
http://msmvps.com/blogs/nuoyan/archive/2004/11/07/18250.aspx

[Graham]

I think this has something to do with me not being able to ping the SME Server when connected using VPN.

[chris burnat]

Just in case... have you enabled VPN for the user in the user panel?

[Graham]

Yes, don't think you can connect if you don't

[mmccarn]

When I try, \\SERVER IP\USERNAME I get

Just to make sure - are you entering the LAN IP or the WAN IP?  (You should be using the LAN IP).

Also, what kind of antivirus are you running on the remote workstation?  Norton, McAfee, or almost any product that includes firewall "enhancements" is likely to have asked you the first time you attempted access whether to allow or deny your traffic, as the VPN connection is a "new" network as far as that workstation is concerned...  I suspect the default answer would result in VPN SMB traffic getting blocked...

[Graham]

I'm entering the LAN IP 10.0.1.1, the IP the VPN gets given is 10.0.1.246.

The Client PC isn’t’ running any protection at the moment not even windows firewall

[Graham]

I also can't ping the VPN client from the Local Network, or from the SME Server

Pinging 10.0.1.246 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.0.1.246: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

[chris burnat]

I'm entering the LAN IP 10.0.1.1, the IP the VPN gets given is 10.0.1.246.
The Client PC isn’t’ running any protection at the moment not even windows firewall

You could have hit a Bug.  Please go to the Bugtracker and fill a report there, providing a summary of what you are experiencing, In particular the fact that you can lconnect OK with VPN, but cannot ping the SME server from the VPN client.  Also provide version number of your server, and history if you can.
Thanks
chris

[Graham]

Done

http://bugs.contribs.org/show_bug.cgi?id=3426

[maykelsoft]

Hi,

I am using PPTP VPN with no problem at all. I can access our LAN shares via remote. Please give the following info:
1. On your remote machine try ipconfig /all -- post what you got
2. Are you able to browse internet while connected to your SME VPN Server?
3. You said that there's no firewall enable on your machine, as I read the threads it looks that only firewall can block that services... or your remote machine is not connected at all... strange!
4. Is there any unusual on your /var/logs/messages?

I know that this issue is already reported on bug tracker... just want to help quick.

Regards,
Mike

[Graham]

Thats correct the client has no Firewall, and I can still access the Internet fine on the VPN Client

PPP adapter Spratt-Family:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.1.246
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.1.1
                                       10.0.1.1
   Primary WINS Server . . . . . . . : 10.0.1.1
   Secondary WINS Server . . . . . . : 10.0.1.1

[maykelsoft]

Hmm looks the same as mine... are you using M$ Vista on your remote machine?

I believe this is a firewall issue on your remote machine if you are using M$ Vista.

[Graham]

Hmm looks the same as mine... are you using M$ Vista on your remote machine?

I believe this is a firewall issue on your remote machine if you are using M$ Vista.

No Windows 2003 Server, Windows Firewall is Disabled and RRAR is as Disabled

[maykelsoft]

What are the other services running on your windows 2003 server? AD? DHCP? WINS? DNS?

Try this command on windows 2003 server command prompt:
net dom query fsmo

[Graham]

This doesn't seem to work, "net dom query fsmo"

I've tried from a few different 2003 Servers the latest server I'm using isn't running AD, DHCP, WINS or DNS

[maykelsoft]

Sorry it should be: netdom query fsmo

As you said, there are no other services running on your server.

By the way, you said that you can browse internet while connected to SME VPN. Is there any proxy set to your remote machine browser?

Try the following command from your remote machine:
1. telnet IP_OF_SME_VPN_SERVER 3128
2. tracert www.google.com

I don't believe that you can browse internet on your remote machine using SME VPN server if you can't ping that server itself.

My two cents.

Regards,

mike

[Graham]

Sorry it should be: netdom query fsmo

As you said, there are no other services running on your server.

By the way, you said that you can browse internet while connected to SME VPN. Is there any proxy set to your remote machine browser?

Try the following command from your remote machine:
1. telnet IP_OF_SME_VPN_SERVER 3128
2. tracert www.google.com

I don't believe that you can browse internet on your remote machine using SME VPN server if you can't ping that server itself.

My two cents.

Regards,

mike

When browsing the internet on the remote machine it's using it’s gateway not the SME server

This command also doesn’t work “netdom query fsmo”

This command “telnet 10.0.1.1 3128” returns fail to connect

[maykelsoft]

If that's the case. It looks like you are not really connected with SME VPN Server. If your are connected with SME VPN server it automatically set your SME VPN server as your gateway on your remote machine, unless you have changed something in your pptpd.conf.

Try to connect using different machine if possible, just to isolate if this is an issue with your current windows 2003 server or SME VPN server. In case you can connect using different machine, apparently there's a problem with your windows 2003 server.

[chris burnat]

This issue appears to have been resolved. 
From Bug #3426 at Bugzilla:

Fixed it, check this URL
http://www.isaserver.org/tutorials/Solving_the_Mystery_of_the_VPNRASWeb_Proxy_Client.html

section "Changing the Gateway Settings"

Edit: added words "appears to have"

[judgej]

If that's the case. It looks like you are not really connected with SME VPN Server. If your are connected with SME VPN server it automatically set your SME VPN server as your gateway on your remote machine.

I think that depends on the settings on your client machine, rather than the server (or perhaps both). In the VPN connection settings, there is usually a box to tick, to specify whether you want the machine to switch its default gateway to the VPN once it is connected, or to keep the default gateway set to whatever it was before the VPN connected.

[jameswilson]

your not running both machines on a 10.0.1.x subnet are you?

The server and the client need to be on different sub nets for vpn to work as you want. Mine does.. in fact my sme server handles pptp vpn's better than my works 2003 server